Mobile Device Security Tutorial

  • By Paul Timm
  • 07/01/14

Security for mobile devices differs in different kinds of organizations. Enterprise organizations, for instance, must protect intellectual property, personally identifiable information and proprietary competitive data. IT security standards at most companies would likely require among other things wiping data from lost smart phones, tablets or laptops.

By contrast, K-12 school districts that control access to Internet and network sites and what is stored on mobile devices may not have proprietary concerns. “Typically, this material will be open source — coursework and research in math, history, English and so on,” says Eric Green, director with Atlanta, Ga.-based Mobile Active Defense, a company that develops software to secure mobile devices. “Security for primary and secondary schools has to do with controlling access through username resolution, managing and monitoring how students and staff use devices and ensuring that the devices capable of accessing the district’s network conform to district policies.

“This involves making the devices tamper resistant and creating a system of content filtering that students can’t turn off or change — that’s important because students make up the primary group of cyber attackers in K-12 schools.”

A school IT department should also build a public key infrastructure with certificate authentication, set comprehensive policies and manage the policies carefully, continues Green.

The mobile security structure for the district network should include content filtering that might for instance include blocking hacker sites, gambling sites and pornography sites. Green calls these three good examples of the types of sites that must be blocked — for the network generally. “These three kinds of sites tend to be sites with malicious stuff,” he says.

Management goes beyond blocking and filtering technologies. Green recommends personal intervention with positive and negative reinforcement.

Negative reinforcement might involve calling a student in and telling him or her: You tried to go around a network policy and security precaution that blocks an Internet site. This policy is important to your safety and the safety of other students and teachers using the network. Our security system recorded what you did and reported it. You must change your behavior and abide by security policies or you won’t be able to use the network to access the Internet anymore.

On the positive side, you might tell students that they are moving up a grade and so qualify to access more Internet content. If you handle these new privileges appropriately, we’ll expand access again. “Positive reinforcement gives students incentives to comply with policies,” Green says.

The BYOD variable

Schools that rely on students to bring their own mobile devices have different security challenges. According to Green, one key BYOD policy involves requiring mobile users to access the school’s WiFi instead of using their own mobile and cell networks — IT, of course, can’t block and filter those networks without significant device level controls in place.

“Risks and vulnerabilities arise from the characteristics of particular devices,” Green notes. “For example, Apple iPhones and iPads allow users to delete management controls, while Samsung devices provide real security controls, allowing an administrator to lock devices down and prevent certain actions. In other areas, however, Samsung has fewer management capabilities.”

Bandwidth management

Green also urges IT security directors to track usage throughout the day and evaluate it in terms of available bandwidth. “You can use the content filter and mobile firewall to manage bandwidth, too,” he says. “The risk here is that you use all of your tools to manage security, and the network still goes down because all the kids decide to watch television on permitted sites one afternoon.”

It is beyond the scope of this article to provide a comprehensive treatment of mobile device security, but public key infrastructure, blocking and filtering, comprehensive policies and careful management of online activities as well as bandwidth stand out as key issues to consider.

This article originally appeared in the issue of .

About the Author

Paul Timm, PSP, is the president of Chicago-based RETA Security and is the author of “School Security: How to Build and Strengthen a School Safety Program.” He can be reached via www.retasecurity.com, www.twitter.com/schoolsecurity or www.facebook.com/safeschools1.

Featured

  • Recent University of Pennsylvania Projects Receive LEED Certifications

    The University of Pennsylvania in Philadelphia, Penn., recently announced that three of its recent construction projects have earned LEED certifications, according to university news. The Vagelos Laboratory for Energy Science and Technology (VLEST) received a LEED Platinum certification, Amy Gutmann Hall a LEED Gold, and the OTT Center for Track and Field a LEED silver.

  • Kimball International Launches New Furniture for K–12 Classrooms

    Commercial furnishings company Kimball International recently announced the launch of four new products designed for a variety of professional environments, including K–12 schools, according to a news release.

  • Inglewood Unified School District Breaks Ground on New High School

    The Inglewood Unified School District in Inglewood, Calif., recently broke ground on a new campus for Inglewood High School, according to a news release. The project has a budget of about $240 million, funding coming through bond proceeds from Measure I.

  • California K–12 District Opens New Athletic Complex, Gym

    The San Mateo Union High School District (SMUHSD) in San Mateo, Calif., recently announced the completion of two new athletics facilities: a new gymnasium at Burlingame High School, and a new athletic training complex at San Mateo High School, according to a news release.

Digital Edition